A vulnerability in WordPress Plugin DM Albums 1.9.2 allows an attacker to download the config.php file from the server by sending a specially crafted HTTP request.
TFM MMPlayer 2.0 is vulnerable to a buffer overflow when processing specially crafted .m3u and .ppl files. This can be exploited to execute arbitrary code by tricking a user into opening such a file. The vulnerability is caused by a boundary error when processing the file and can be exploited to cause a stack-based buffer overflow that overwrites a structured exception handler (SEH) with a specially crafted payload.
A remote file include vulnerability exists in DM FileManager 3.9.4. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input passed to the 'SECURITY_FILE' parameter in the 'album.php' script. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable system. Successful exploitation results in arbitrary code execution on the vulnerable system.
A remote file include vulnerability exists in DM Albums™ 1.9.2 & WordPress Plug-in. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system.
Neversolved.pl is a simple login grabber by lama which is tested on Newsolved 1.1.6. It uses LWP::UserAgent to get the page and HTTP::Request to post the page. It uses Getopt::Std to get the options. It has three bugs which are used to get the user and password. It also has four lookups which are used to crack the MD5 hashes.
The vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of the 'download.php' script. A remote attacker can download arbitrary files from the vulnerable server.
A vulnerability in Joomla's com_bookflip component allows an attacker to inject arbitrary SQL commands into the application by manipulating the book_id parameter of the component. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords.
A vulnerability in cPanel allows an attacker to bypass authentication and gain access to the cPanel interface. The vulnerability is caused by a flaw in the authentication process. An attacker can exploit it by sending a specially crafted request to the cPanel interface, which bypasses the authentication process.
A vulnerability in Clicknet CMS v2.1 allows an attacker to view sensitive files on the server by appending '../index' to the 'side' parameter in the URL. This can be exploited to view the source code of the application and other sensitive files.
A vulnerability in Script Almnzm allows an attacker to inject arbitrary SQL commands via the 'action' parameter in a 'GET' request to index.php. This can be exploited to manipulate SQL queries, and can be used to bypass authentication and gain access to the application.